From cd2a0083f9fb8502494271de3ac3c16184af0d97 Mon Sep 17 00:00:00 2001 From: hselasky Date: Tue, 25 Jun 2019 11:54:41 +0000 Subject: [PATCH] Convert all IPv4 and IPv6 multicast memberships into using a STAILQ instead of a linear array. The multicast memberships for the inpcb structure are protected by a non-sleepable lock, INP_WLOCK(), which needs to be dropped when calling the underlying possibly sleeping if_ioctl() method. When using a linear array to keep track of multicast memberships, the computed memory location of the multicast filter may suddenly change, due to concurrent insertion or removal of elements in the linear array. This in turn leads to various invalid memory access issues and kernel panics. To avoid this problem, put all multicast memberships on a STAILQ based list. Then the memory location of the IPv4 and IPv6 multicast filters become fixed during their lifetime and use after free and memory leak issues are easier to track, for example by: vmstat -m | grep multi All list manipulation has been factored into inline functions including some macros, to easily allow for a future hash-list implementation, if needed. This patch has been tested by pho@ . Differential Revision: https://reviews.freebsd.org/D20080 Reviewed by: markj @ MFC after: 1 week Sponsored by: Mellanox Technologies --- newlib/libc/sys/rtems/include/netinet/in.h | 6 +----- newlib/libc/sys/rtems/include/netinet6/in6.h | 7 ++----- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/newlib/libc/sys/rtems/include/netinet/in.h b/newlib/libc/sys/rtems/include/netinet/in.h index 11f32627f..727cc88cc 100644 --- a/newlib/libc/sys/rtems/include/netinet/in.h +++ b/newlib/libc/sys/rtems/include/netinet/in.h @@ -505,13 +505,9 @@ __END_DECLS #define IP_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */ /* - * The imo_membership vector for each socket is now dynamically allocated at - * run-time, bounded by USHRT_MAX, and is reallocated when needed, sized - * according to a power-of-two increment. + * Limit for IPv4 multicast memberships */ -#define IP_MIN_MEMBERSHIPS 31 #define IP_MAX_MEMBERSHIPS 4095 -#define IP_MAX_SOURCE_FILTER 1024 /* XXX to be unused */ /* * Default resource limits for IPv4 multicast source filtering. diff --git a/newlib/libc/sys/rtems/include/netinet6/in6.h b/newlib/libc/sys/rtems/include/netinet6/in6.h index c936cfe16..a9c7cbc00 100644 --- a/newlib/libc/sys/rtems/include/netinet6/in6.h +++ b/newlib/libc/sys/rtems/include/netinet6/in6.h @@ -60,7 +60,7 @@ * SUCH DAMAGE. * * @(#)in.h 8.3 (Berkeley) 1/3/94 - * $FreeBSD: head/sys/netinet6/in6.h 337783 2018-08-14 17:27:41Z jtl $ + * $FreeBSD: head/sys/netinet6/in6.h 349369 2019-06-25 11:54:41Z hselasky $ */ #ifndef __KAME_NETINET_IN_H_INCLUDED_ @@ -395,11 +395,8 @@ struct route_in6 { #define IPV6_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */ /* - * The im6o_membership vector for each socket is now dynamically allocated at - * run-time, bounded by USHRT_MAX, and is reallocated when needed, sized - * according to a power-of-two increment. + * Limit for IPv6 multicast memberships */ -#define IPV6_MIN_MEMBERSHIPS 31 #define IPV6_MAX_MEMBERSHIPS 4095 /*